CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44740 – WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-44740
28 Oct 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. Múltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en el complemento Creative Mail en WordPress en versiones <= 1.5.4. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform actions ... • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-plugin-1-5-4-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40686 – WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40686
28 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Creative Mail en WordPress en versiones <= 1.5.4. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on settings change. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins via forged r... • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40687 – WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40687
28 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Creative Mail en WordPress en versiones <= 1.5.4. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on settings change. This makes it possible for unauthenticated attackers to reset the plugin's settings via forged re... • https://github.com/williamkhepri/CVE-2022-40687-metasploit-scanner • CWE-352: Cross-Site Request Forgery (CSRF) •